Vinita Privacy Policy

This Privacy Policy applies to Vinita, our website at www.vinita.io and/or our iOS and Android Mobile applications (collectively our “Platform”).

In the below Privacy Policy, we inform you about the scope of the processing of your Personal Data.

This policy sits in line with:

• Delaware`s Online Privacy and Protection Act (“DOPPA”),

• California`s Consumer Privacy Act (“CCPA”) and the subsequent amendments from the California Privacy Rights and Enforcement Act (“CPRA”),

• Canada`s Personal Data Protection and Electronic Documents Act (“PIPEDA”),

• the EU`s General Data Protection Regulation (“GDPR”), and

• Australia’s Privacy Act (“Privacy Act”)

General Information

What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.

What is Special Category Data?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.

What is processing?

"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

Responsible for data processing

Responsible for data processing is Vinita Inc of 584 Castro St #2188 San Francisco CA 94114. We act as the data controller, and ask you to direct all questions about your Personal Data directly to us using support@vinita.co, our Contact Form or write us to the above address.

How we process personal data

We process personal data within the limits permitted by law. This means that data processing operations are based on a legal basis. These are standardized in Article 6 Paragraph 1 GDPR. Most data processing is based on a legitimate interest on our part (Art. 6 Para. 1 lit. f GDPR), on processing operations necessary to execute the contract (Art. 6 Para. 1 lit. b GDPR) or based on consent given by the user or you (Art. 6 para. 1 lit. a GDPR). In the latter case, you will be notified of the consent process separately (e.g. via a cookie banner).

We only process personal data for necessary purposes (Art. 5 Para. 1 lit. b GDPR). As soon as the purpose of processing no longer applies, your personal data will be deleted or protected through technical and organizational measures (e.g. through pseudonymization).

The same applies to the expiry of a prescribed storage period, subject to cases in which further storage is necessary to conclude or fulfill a contract. In other cases, the storage period and type of data collected as well as the type of data processing depends on which functions you use in the individual case. We would be happy to provide you with information about this in individual cases, in accordance with Art. 15 GDPR.

We process these categories of data 

Data categories include in particular the following data:

Master data (e.g. names, age, gender, images and other user preferences),

Contact details (e.g. phone number),

App usage data (e.g. times of app access, features used)

Connection data (e.g. device information).

We take a variety of security measures

We take a variety of security measures

In accordance with the legal provisions and taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to your rights and freedoms, we take appropriate technical and organizational measures, to ensure a level of protection appropriate to the risk.

The measures include, in particular, that your data is stored and processed confidentially, with integrity and available at all times. The security measures we take also include controls over access to all user data as well as input, transfer, ensuring availability and separation from the data of other natural persons. In addition, we have put in place procedures to ensure the exercise of the rights of data subjects (see Chapter 5), the deletion of data and responses in the event that your data is compromised. We also take the protection of personal data into account when developing our software and through procedures that meet the principle of data protection through technology design and data protection-friendly default settings.

How we transfer or disclose personal data to third parties

As part of our processing of personal data, this data may be transmitted or disclosed to other bodies, companies, legally independent organizational units or persons. These third parties can be, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that we have integrated into our services. If we pass on or disclose personal data to third parties, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of the data that serve to protect the data.

We strictly adhere to all requirements of the General Data Protection Regulation (GDPR) in these processes and ensure that only the minimum necessary data is shared to maintain the functionality of our app. All services we use are GDPR compliant. In cases where your personal data is passed on or disclosed to third parties, we strictly comply with legal requirements and enter into contracts

This is how a third country transfer takes place

While we do not transfer data directly to the EU through our contractual partners or subcontractors, the additional services we use, Mixpanel and Revenuecat, may process or store data outside the EU. Nevertheless, we only use services that are compliant with the General Data Protection Regulation (Articles 44 to 49 GDPR), thereby maintaining our commitment to data protection and privacy.

Furthermore, a third country transfer usually only takes place with your express consent. If this is not available, we guarantee that we have contractual or legal authorization to transmit and process your data in the third country in question. As part of our digital activities, we use third-party services that are fully compliant with the General Data Protection Regulation (GDPR). In particular, we use services such as HubSpot, a GDPR compliant tool, to manage our "Contact Us" forms and email services. In addition, we only have your data processed by service providers in third countries who have a recognized level of data protection. This means that contractual obligations between us and the service provider in the third country must be based on so-called standard protection clauses from the EU Commission or the service provider in the third country can provide data protection certifications and your data will only be processed in accordance with internal data protection regulations (Articles 44 to 49 GDPR , EU Commission information page:  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).

As part of the so-called “Data Privacy Framework” (“ DPF ”), the EU Commission has recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of July 10, 2023. A list of certified companies and further information about the DPF can be found on the US Department of Commerce website at  https://www.dataprivacyframework.gov/  (in English). As part of this data protection declaration, we will inform you which services we use are certified under the Data Privacy Framework.

Where is your data stored?

In the course of our business and Platform operations, we process data in our Delaware based headquarters. All data collect is generally transferred to our Amazon Web Services (AWS) Server and our Google Firebase Database when you are using our APP. The legal basis for the data processing is our legitimate interest in providing our Platform.

How long is your data stored?

We process and store your Personal Data only to achieve the respective processing purpose or for as long as a legal retention period exists (in particular the Delaware’s commercial and tax law for up to six years). Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

Processing of Automatically Collected Data

Collection of access data and log files

We collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.

Use of cookies

Cookies" are small files that are stored on your device. Different information can be stored within the cookies. We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval.

For further information on the strictly necessary cookies used on our website, please refer to our Cookie Policy. The legal basis for the use of cookies is our legitimate interest and your consent.

Downloading and Installing the APP

The APP can be downloaded from the "Google Playstore" a service offered by Google LLC, or the Apple App service "App Store" a service of Apple Inc. to install our APP. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.

As far as we are aware, Google collects and processes the following data: License check, network access, network connection, WLAN connections, and location information. However, it cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which Personal Data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google as the operator of the Google Play Store.

As far as we are aware, Apple collects and processes the following data: device identifiers, IP addresses, location information, it cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which Personal Data Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store.

Device information collected by Google and Apple

Google and Apple may collect information from and about the device(s) you use to access the APP, including hardware and software information such as IP address, device ID and type, device-specific and APP settings and properties, APP crashes, advertising IDs (AAID), information about your wireless and mobile network connection such as your service provider and signal strength; information about device sensors such as accelerometer, gyroscope, and compass.

Firebase

We use the Google Firebase developer Platform and related features and services provided by Google LLC and Google Ireland Limited. Google Firebase is a Platform for developers of apps for mobile devices. The Google Firebase developer Platform offers a variety of features. A list of these features can be found at: https://firebase.google.com/terms/. Firebase's key security and privacy information can be found here: https://firebase.google.com/support/privacy

Authorizations and Access

We may request permission to store your APP data including your Internet Connection and Network, Location, Push Notifications, Camera, Gallery, Location, and file storage of your device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deny access on your device via the Settings/Notifications/ options of your device; however, this means that our APP may not function as intended.

Push messages

When you use the app, you will receive so-called push messages from us, even if you are not currently using the App. These are messages that we send you as part of the performance of the contract. You can adjust or stop receiving push messages at any time via the device settings of your device. Insofar as you consent to the use of push messages, consent is the legal basis for the processing.

Purchases

When you make In-app purchases (Vinita Plus, Boost, Super Likes, etc.), we (Google and Apple on our behalf) may collect the following data from you to process the purchase:

• Android or Apple user ID

• Email address

• Payment confirmation from the payment data collected by Apple or Google; and

• Device IP and device serial number to link the story history to the device

Your Rights and Privileges

It goes without saying that we cannot help you find a partner without knowing some data about you, such as basic profile data and the types of people you would like to meet. We also collect data that occurs while you are using our services, such as records of access, but also data from third parties, such as when you access our services through social networks. You can find more information about this below.

Also, information gathered by integrations of third-party services such as linkedin and instagram. If click on the like (heart) to say "yes" to a person, you will be able to chat with that person if they say yes to you, e.g., when you have a "match." if you chat with your match, of course your match will see the content of your chat. Personal information. We do not share your personal information with others except as indicated in this privacy policy. We may share personal information with:

Contacting us

If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided it, and your message. The legal basis for the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our overriding legitimate interest in processing your request.

Account Registration

If you create a user account, we will collect your Full Name, Phone number (we also send you a One-time password (OTP)), Email Address, Date of Birth, Gender and who you are interested in. Within your profile you are able to delete your account at any time. Your data will be processed on the basis of your consent.

Alternatively, you are able to sign up using the convenience log in and sign up from Apple Inc or Facebook. For Apple or Facebook log in and sign up, you will be asked to provide your basic information (i.e., name, email address, and display picture) linked to your account. If granted, your username and password will be auto generated to fill in the rest of required user data. When registering via Apple or Facebook connect function, you agree to the relevant terms and conditions and consent to certain data from your respective profile of being transferred to us.

Profile

As a registered user, you have the opportunity to create a user profile with just a few clicks and details. If you make use of the option, the relevant profile data you provide will be transferred to your profile. Of course, you can change the information at any time via the settings in your profile.

When creating a profile, you can submit both Personal Data and Special Category Data. You have choices about the information on your profile. You don’t have to provide additional information on your profile; however, profile information helps you to get more from our Services. It’s your choice whether to include sensitive information on your profile and to make that sensitive information public. Please do not post or add Personal Data to your profile that you would not want to be available.

The legal basis for the processing of your Personal Data is the establishment and implementation of the user contract for the use of the service. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.

Profile Verification

You may verify your account by creating and uploading an Image of your Face. In doing so, we may derive facial-related information from you and use it solely for the purpose of verifying that it is you. We do not collect, use, or store any facial-related information for the purpose of recognizing faces outside of this limited purpose.

When using our services

We process the data of our registered users in order to be able to provide our contractual services as well as to ensure the security of our services and to be able to develop it further.

Some of the Personal Data you provide may be considered “special” or “sensitive”. This includes Personal Data concerning for example your health, racial or ethnic origins, sexual orientation, and religious beliefs. By choosing to provide this data, you consent to our processing of that data.

You have choices about the Personal Data you upload and share. You don’t have to provide Personal Data; however, Personal Data helps you to get more from our Services. It’s your choice whether to include Special Category Data and to make that Special Category Data public. Please do not upload or add data that you would not want to be available.

The legal basis for the processing of your personal and Special Category Data is the establishment and implementation of the user contract for the use of the service as well as your consent. We store the data until you delete your user account. Insofar as legal retention periods are to be observed, storage also takes place beyond the time of deletion of a user account.

You may withdraw your consent and request us to stop using and/or disclosing your personal and Special Category Data by submitting your request to us.

The legal basis for the data processing is the fulfilment of our contractual obligations and, in individual cases, the fulfilment of our legal obligations as well as your consent.

Contacting others

Of course, we also process your chats and communications with other users as well as the content you publish, as necessary for the operation of the services. In addition to the information, you may provide us directly, we receive information about you from others. Users may provide information about you as they use our services, for instance as they interact with you or if they submit a report involving you.

We also share some users’ information with service providers and partners who assist us in operating the services. You share information with other users when you voluntarily disclose information on the service (including your profile). Please be careful with your information and make sure that the content you share is stuff that you’re comfortable being visible. The legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as your consent.

Information that we receive from others

In addition to the information, you provide to us directly, we receive information about you from others, including other users who provide us with information about you when they use our Services. For example, we may receive information about you from other users when you contact them about us. We collect information about your activities on our Services, such as how you use them (e.g., the date and time you logged in, features you used, searches you performed, clicks and pages you were shown, ratings you clicked on) and how you interact with other users (e.g., users you connect and interact with, the time and date of your exchanges).

Service Notifications

By using our services, you are giving your consent to receiving notifications and messages per email. Those typically include administrative information about your account and activity. The legal bases are to provide you with our services and your consent.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.

Marketing

Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

General Principles

Obligation to provide Personal Data

You are not obliged to provide us with Personal Data. However, depending on the individual case as described above, the provision of certain Personal Data may be necessary for the provision of the services. If you do not provide us with this Personal Data, we may not be able to provide the requested service.

Minors

Persons under the age of 18 should not transmit any Personal Data to us without the consent of their parents or legal guardians. We do not request Personal Data from minors and children and do not knowingly collect such data or pass it on to third parties.

Automated decision-making

Automated decision-making including profiling does not take place.

Do Not Sell

We do not sell your Personal Data.

Social Media

We are present on social media on the basis of our legitimate interest. If you contact us via social media Platforms, we and the relevant social media Platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The legal basis for the use of the relevant social media Platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service, if any.

Sharing

We will not disclose or otherwise distribute your Personal Data to third parties unless this is a) necessary for the performance of our services, b) you have consented to the disclosure, c) or the disclosure of data is permitted by relevant legal provisions.

We may share your Personal Data with our business partners for the purposes described in this Privacy Policy, including, without limitation, to carry out transactions you request or to respond more quickly to your needs in our operations. We will only share your Personal Data with business partners who have agreed to protect your Personal Data and to use it only for the purposes we have specified.

In addition, we may disclose your Personal Data: in connection with law enforcement, fraud prevention or other legal proceedings; as required by law or regulation; if Vinita (or a part of Vinita) is sold to or merged with another company; or if we have reason to believe that disclosure is necessary to protect Vinita, its users or the public.

In all cases other than those described above, Personal Data will not be disclosed by us to third parties for their own marketing purposes without your consent.

International Transfer

In the course of our business, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the USA. Where we transfer data outside the USA, we ensure that processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection.

Data Security

Our data processing is subject to the principle that we only process the Personal Data that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Data are always guaranteed.

We also use technical and organizational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of the action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Your Rights and Privileges

Privacy rights

Under the DOPPA, you can exercise the following rights:

• Right to be informed

• Right to delete

• Right to opt-out of sale

• Right to non-discrimination

• Right to rectification

• Right to limit use and disclosure of sensitive personal data

Under the CCPA and the CPRA amendment, you can exercise the following rights:

• Right to know/access

• Right to delete

• Right to opt-out of sale

• Right to non-discrimination

• Right to rectification

• Right to limit use and disclosure of sensitive personal data

• Further, California’s “Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.

Under the PIPEDA, you have the following rights:

• Right to be informed

• Right to access

• Right to rectification

• Right to erasure

• Right to object/opt-out

• Right to Consent

• Right to Redressal

Under the UK`s DPA and EU`s GDPR, you can exercise the following rights:

• Right to information

• Right to rectification

• Right to object to processing

• Right to deletion

• Right to data portability

• Right of objection

• Right to withdraw consent

• Right to complain to a supervisory authority

• Right not to be subject to a decision based solely on automated processing.

Under the Privacy Act, you can exercise the following rights:

• Right to information about the Personal Data concerned.

• Right to rectification of inaccurate Personal Data.

• Right to erasure of Personal Data.

• Right to restriction of processing.

• Right to object to processing.

• Right to object at any time to the processing of your Personal Data for the purposes of advertising and data analysis.

• Right to withdraw consent if you have given us consent to process your data.

If you wish to exercise any of your rights, please contact us.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

Withdrawing your consent

You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Access Request

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

Complaint to a supervisory authority

You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection.

Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

Updates

We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy or materially change our use of your Personal Data, we will revise the Privacy Policy accordingly and also change the effective date at the end of this section. We encourage you to periodically review this Privacy Policy to be informed of how we use and protect your Personal Data. This Privacy Policy was last updated on Tuesday, February 7, 2023.

Questions?

If you would like to contact us regarding our privacy practices for any reason, please do so using support@vinita.co, our Contact Form or write us to the above address.